Fergie's Tech Blog

Saturday, November 17, 2007

U.S. Toll in Iraq

As of Saturday, Nov. 17, 2007, at least 3,867 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,151 died as a result of hostile action, according to the military's numbers.

The AP count is four higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

Indian Provincial Government's Offical Website Hacked

Goa government's Information and Publicity Department's official website has allegedly been hacked by a Turkish hacker who has posted anti-American slogans on it.

Goa government has started a process of filing an FIR with police on the issue. "This is a very serious matter and we will be filing FIR with the police," state Chief Secretary J P Singh, who also holds charge as Information Secretary, said.

The website, which otherwise has information of Goa's people in power and related data, besides various government schemes, was flooded with pictures of executions and arms seizure.

Friday, November 16, 2007

Air Canada Reservations Glitch Creates Delays for 96k Passengers

Air Canada officials spent Friday trying to find the cause of a massive network failure that brought down the company's reservation system, grounding flights and delaying thousands of weekend travellers at airports across Canada and around the world.

Around 4 a.m., Air Canada's operations ground to a halt when its central reservation system experienced a communication error with computer systems at Canadian airports. It was several hours before the airline was able to rectify the problem, resulting in the cancellation of eight round-trip flights and lengthy delays for an estimated 96,000 passengers as employees had to process boarding passes manually.

Although Air Canada pegged the average delay at 40 minutes, many travellers said they were left waiting for hours. By Friday afternoon, some were still languishing in lineups, while Air Canada struggled to expedite the backlog, predicting everyone would reach their destinations before the day was over. Meanwhile, company officials tried to figure out what went wrong.

Toon of the Day: Scary Connections

U.S. Toll in Iraq, Afghanistan

As of Friday, Nov. 16, 2007, at least 3,867 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,151 died as a result of hostile action, according to the military's numbers.

The AP count is four higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

As of Friday, Nov. 16, 2007, at least 398 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Nov. 10, 2007, at 10 a.m. EST.

Of those, the military reports 269 were killed by hostile action.

There were also four CIA officer deaths and one military civilian death.

California Man Arrested in Theft of 1.8M Social Security Numbers from Veterans

A man who purchased $5,600 in jewelry at a store in Tustin using three fraudulent credit cards, one belonging to actor Marlon Wayans, was arrested Thursday in Los Angeles after a months-long investigation, said Tustin police Lt. John Strain.

The investigation also uncovered from his home computer about 1.8 million Social Security numbers from the U.S. Department of Veteran Affairs, where Kim had been employed as an auditor. Veterans Affairs' officials have said only 185,000 numbers are at risk because many were repeated in the file.

Tae Kim, 28, was booked at Orange County Jail and is being held in lieu of $1 million bail after being arrested at 5 p.m. Thursday at a car wash in Koreatown, police said.

On April 7, two Asian men identified as Kim and Justin Hong, purchased jewelry from Jewelry Exchange at 15732 Tustin Village Way using three skimmed cards belong to three different victims, one of whom was actor Marlon Wayans, Strain said.

Auditors: One NASA Hack Cost $1.5M

A recent series of intrusions into the Earth Observing System’s networks “cost NASA $1.5 million for incident mitigation and cleanup costs alone,” said the agency’s inspector general, Robert Cobb, in a memo issued Nov. 13.

Those costs came on top of the “operational impact to the agency‘s mission, such as the temporary suspension of automated processes,” caused by the criminal hack of the networks, Cobb said. The memo was addressed to NASA’s administrator and accompanied the IG’s report titled “NASA’s Most Serious Management and Performance Challenges.”

“Our criminal investigative efforts over the past five years confirm that the threats to NASA’s information are broad in scope, sophisticated and sustained,” auditors wrote in the report.

Flying Spaghetti Monster Gets Academic Attention

When some of the world's leading religious scholars gather in San Diego this weekend, pasta will be on the intellectual menu. They'll be talking about a satirical pseudo-deity called the Flying Spaghetti Monster, whose growing pop culture fame gets laughs but also raises serious questions about the essence of religion.

The appearance of the Flying Spaghetti Monster on the agenda of the American Academy of Religion's annual meeting gives a kind of scholarly imprimatur to a phenomenon that first emerged in 2005, during the debate in Kansas over whether intelligent design should be taught in public school sciences classes.

Deja Vu All Over Again at Veterans Administration

In what's become a fairly familiar routine for them of late, the U.S. Department of Veterans Affairs is investigating a potential data breach -- the theft of three computers containing personal data on potentially 12,000 individuals.

Two desktop PCs and one laptop containing that data were stolen from a medical facility in Roudebush, Indiana -- ironically enough, on Veterans Day. The records belong to patients who were treated at the hospital and include Social Security numbers and other personally identifiable information.

9th Circuit Deals Setback to NSA Surveillance Victim

A federal appeals court reversed a decision letting two Americans who claim to have been given proof they were spied on by the government's secret, post-9/11 surveillance program to rely on a document the government accidentally turned over to prove that they were spied on.

Instead, the court ruled that the document was protected by the so-called state secrets privilege, but sent the matter back down to a lower court to see if a redress provision in the nation's spying laws would re-allow the document to be used.

The ruling is also a setback for the government which wanted the suit tossed simply on the grounds that any lawsuit about a government surveillance program would hurt the nation.

U.S. Senate Passes Cybercrime Bill

The Senate on Thursday passed a bill amending federal law to directly address online crimes, including identity theft.

The Identity Theft Enforcement and Restitution Act of 2007 was passed by unanimous consent. It is one of a host of bills before Congress that would deal with what many in the information technology industry and law enforcement say are holes in the current legal structure regarding cybercrime. A similar bill in the House has not moved out of subcommittee.

The Senate bill would amend Title 18 of the U.S. Code to specifically address conspiracy to commit cybercrime and close loopholes to prohibit online extortion and address botnets — networks of compromised computers used by criminals to launch attacks and conduct fraudulent activity — by making it a crime to damage 10 or more computers in a year. It also would give victims of identify theft a chance to seek restitution in federal court for the loss of time and money spent restoring their credit.

U.S. Toll in Iraq, Afghanistan

As of Thursday, Nov. 15, 2007, at least 3,866 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,147 died as a result of hostile action, according to the military's numbers.

The AP count is five higher than the Defense Department's tally, last updated Thursday at 10 a.m. EST.

As of Thursday, Nov. 15, 2007, at least 398 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Nov. 10, 2007, at 10 a.m. EST.more stories like this

Many Retailers Easy to Hack, Study Finds

Half of more than 3,000 retail stores that a wireless security company secretly monitored at major shopping areas in the U.S. and Europe use wireless data systems vulnerable to hacking, the company said Thursday.

The data that stores routinely transmit on wireless networks include credit card and Social Security numbers and other sensitive customer information.

AirDefense Inc., an Atlanta-based maker of security products for wireless data systems, found that about 25 percent of the stores' 4,748 wireless access points were exchanging data with no encryption at all to foil electronic eavesdroppers.

Another 25 percent were using an outdated encryption method called Wireless Equivalent Privacy that is easily cracked by thieves using widely available tools.

Guilty Plea: Phone Phreaks Use Caller-ID Spoofing to Get Foes Raided By SWAT

An Ohio man has pleaded guilty to a federal conspiracy charge for being part of a gang of "swatters" -- one them blind -- who used Caller ID spoofing to phone the police with fake hostage crises, sending armed cops bursting into the homes of innocent people.

Stuart Rosoff of Cleveland, Ohio pleaded guilty to one count of conspiracy last Friday in federal court in the Northern District of Texas.

The case seems to confirm that swatters are using simple Caller ID spoofing to pull these unfunny hoaxes -- and not "hacking into 911" after all. But the court documents indicate that Rosoff was part of a remarkably sophisticated gang of old-school phone phreaks with serious access to at least one phone company's computers, which they used to get information on their targets.

Defense Focus: Spy Satellite Lessons Not Learned

Underlying the $4 billion U.S. reconnaissance satellite fiasco lie deeper, uncomfortable truths almost never alluded to, let alone understood, by politicians of either major American political party: U.S. leaders and policymakers do not understand the science and technology available to them and have blind, childish, even magical faith in what it can do without beginning to understand how it really works.

The U.S. obsession with software engineering and virtual reality has distracted investment and career energies way from the essential, old-fashioned, "hard" engineering and technological disciplines that are still essential to get anything made, working and keep working.

Quote of the Day: Scott Amey

"We've always heard that the contractors were in bed with the government. This may literally prove that."

- Scott Amey, general counsel for the Washington-based watchdog the Project on Government Oversight, commenting on news that a former U.S. Army contracting officer in charge of awarding contractual work in Iraq did so on the basis of a sexual tryst with a contractor.

'There Are Not 13 Root DNS Servers...'

I am at the UN Internet Governance Forum, being held this week in Rio de Janeiro, Brazil. A recurring theme you can hear here is one that has vexed the technical community many times before — “Why are there 13 root servers?” This question is usually followed by questions like “Why are most of the root servers in the US?”

Jilted Lover Jailed for Internet Monitoring

Jealous husbands, beware: If you've ever entertained the idea of spying on your wife's Internet activity and email, think about Shawn Macleod, who recently learned he'd be spending four years in the slammer for secretly installing Internet monitoring software on his estranged wife's computer.

Macleod, of Austin, Texas, reportedly used a tool called SpyRecon to gather logs of the sites she had surfed and emails she had sent, and was charged with wiretapping, or "unlawful interception of electronic communication," a felony that can carry a sentence of up to 20 years in prison. His attorney says his client, who pleaded guilty in May, probably didn't know that his actions were unlawful.

Image of the Day: Rosetta 'Comet Chaser' View of Earth by Night

This striking composite of Earth by night shows the illuminated crescent over Antarctica and cities of the northern hemisphere. The images were acquired with the OSIRIS Wide Angle Camera (WAC) during Rosetta’s second Earth swing-by on 13 November.

This image showing islands of light created by human habitation was taken with the OSIRIS WAC at 19:45 CET, about 2 hours before the closest approach of the spacecraft to Earth. At the time, Rosetta was about 80 000 km above the Indian Ocean where the local time approached midnight (the angle between Sun, Earth and Rosetta was about 160°). The image was taken with a five-second exposure of the WAC with the red filter.

This image showing Earth’s illuminated crescent was taken with the WAC at 20:05 CET as Rosetta was about 75 000 km from Earth. The crescent seen is around Antarctica. The image is a colour composite combining images obtained at various wavelengths.

New Russian Movie Download Site Follows AllofMP3's Lead

Although it is apparently not related to the music download site that was the bane of the music industry's existence, a new site is promising cheap downloads of movies.

Called ZML, the new site offers about 1,500 different titles for download that are free of any digital rights management restrictions. Among the titles available include recent hits 300 and Transformers, as well as classics Apocalypse Now and Aliens.

Each movie is available for download starting at a cost of $1.99, and are encoded in the DivX/Xvid codec according to the site's help files. Those wanting higher quality for larger screens would also have the option of a $2.99 and $4.99 version of the title.

Like AllofMP3, ZML claims it is following the policies of the Russian Organization for Multimedia and Digital Systems (ROMS).

Russian Business Network: Faking Its Demise

HYPOTHESIS: Logically RBNs fake anti-spyware or rogue software should show major changes in serving and hosting over the last week or so, if the demise of the RBN is correct. Fortunately based on limited CYBERINT earlier we were able to show 57 well known ‘fakes’ and 34 of the top 40 being RBN related, below can be seen the specifics.

RESULT: With the exception of the loss of replacement of AS40989 secondary name servers there has been little or no change to the core IP addresses.

FBI's Top Lawyer Defends Data-Dragnet Powers

The FBI's top lawyer defended the Patriot Act on Wednesday, saying the bureau's increased powers are vital to aiding investigations into attacks such as the London subway bombing.

FBI general counsel Valerie Caproni said during a conference at New York University's law school that the 2001 changes to the Patriot Act involving national security letters (NSLs) were crucial to accessing phone records. NSLs are subpoena-like orders that the FBI can use to obtain information about companies' customers.

Caproni, a former federal prosecutor who took her current position in 2003, said that after the July 2005 subway bombings in London--which killed dozens of commuters and injured hundreds more--the British security service gave the United States "lots" of phone numbers called by the suspected perpetrators.

U.S. Panel Urges Vigilance on China Spying, Cyber War

Chinese espionage posed "the single greatest risk" to U.S. technology, a congressional advisory panel said on Thursday and called for efforts to protect industrial secrets and computer networks.

The U.S.-China Economic and Security Review Commission also called in its annual report to Congress for closer work with China to promote energy security and deal with environmental problems such as climate change and pollution.

The panel urged the U.S. Congress to examine "military, intelligence, and homeland security programs that monitor and protect critical American computer networks and sensitive information, specifically those tasked with protecting networks from damage caused by cyber attacks."

Wednesday, November 14, 2007

Off Topic: Warp Drive

The dreamers at the British Interplanetary Society are thinking big today. They're hosting scientists and engineers from around the world who are studying the theory behind warp drive -- the propulsion system that powers fictional starships. They may not be sending anyone to Vulcan anytime soon, but they are learning more about how the universe works.

About a decade ago, a scientist named Miguel Alcubierre came up with a theoretical basis for warp drive.

He used Albert Einstein's theory of gravity to formulate a "bubble" in spacetime.

Maybe The Best xkcd Ever?

U.S. Toll in Iraq

As of Wednesday, Nov. 14, 2007, at least 3,864 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,147 died as a result of hostile action, according to the military's numbers.

The AP count is five higher than the Defense Department's tally, last updated Wednesday at 10 a.m. EST.

Did NSA Put a Secret Backdoor in New Encryption Standard?

The U.S. government released a new official standard for random-number generators this year, and it will likely be followed by software and hardware developers around the world. Called NIST Special Publication 800-90 [.pdf], the 130-page document contains four different approved techniques, called DRBGs, or "Deterministic Random Bit Generators." All four are based on existing cryptographic primitives. One is based on hash functions, one on HMAC, one on block ciphers and one on elliptic curves. It's smart cryptographic design to use only a few well-trusted cryptographic primitives, so building a random-number generator out of existing parts is a good thing.

But one of those generators -- the one based on elliptic curves -- is not like the others. Called Dual_EC_DRBG, not only is it a mouthful to say, it's also three orders of magnitude slower than its peers. It's in the standard only because it's been championed by the NSA, which first proposed it years ago in a related standardization project at the American National Standards Institute.

How to Check the WHOIS Record of an IDN Domain

Have you every wanted to check if a domain was available for a common word for phrase in a different language. Asking us how to do a whois lookup on an IDN domain name is actually a common question in our support ticket system.

So I thought I would let the world know how to do it. Perhaps you want to look at the whois record for “world map” in Korean. Here is a step-by-step instruction on how to do it.

Select the language you want to translate into. Example: “English to Korean”

If your results look like, “????”, then you need to install a language pack for your operating system. On WindowsXP it is really easy, just follow these instructions for the Microsoft Language Packs on Microsoft’s website. You can enable this from your control panel in a few minutes.

Once you have the translated words and it will look like a foreign language and it can be copied and pasted it into domaintools search box. Then the last step is to append “.com” to it. Then hit search and it will auto-translate it into the IDN script.

ITU Botnet Mitigation Toolkit

Botnets (also called zombie armies or drone armies) are networks of compromised computers infected with viruses or malware to turn them into “zombies” or “robots” – computers that can be controlled without the owners’ knowledge. Criminals use the collective computing power and connected bandwidth of these externally-controlled networks for malicious purposes and criminal activities, including, inter alia, generation of spam e-mails, launching of Distributed Denial of Service (DDoS) attacks, alteration or destruction of data, and identity theft.

The threat from botnets is growing fast. The latest (2007) generation of botnets such as Zhelatin (Storm Worm) uses particularly aggressive techniques such as fast-flux networks and striking back with DDoS attacks against security vendors trying to mitigate them. An underground economy has now sprung up around botnets, yielding significant revenues for authors of computer viruses, botnet controllers and criminals who commission this illegal activity by renting botnets.

In response to this, ITU is developing a Botnet Mitigation Toolkit to help deal with the growing problem of botnets. Inspired by the Australian Internet Security Initiative (AISI), the toolkit draws on existing resources, identifies relevant local and international stakeholders, and takes into consideration the specific constraints of developing economies. The toolkit seeks to raise awareness among Member States of the growing threats posed by botnets and the linkage with criminal activities and incorporates policy, technical and social aspects of mitigating the effects of botnets. The first draft of the toolkit will be made available in December 2007, with pilot tests planned in a number of ITU Member States in 2008.

Swedish Police Swoop on Dan Egerstad - UPDATE

The Swedish hacker who perpetrated the so-called hack of the year has been arrested in a dramatic raid on his apartment, during which he was taken in for questioning and several of his computers confiscated.

Dan Egerstad, a security consultant, intercepted data carried over a global communications network used by embassies around the world in August and gained access to 1000 sensitive email accounts. They contained confidential diplomatic memos and other sensitive government emails.

After informing the governments involved of their security failings and receiving no response, Egerstad published 100 of the email accounts, including login details and passwords, on his website for anyone curious enough to have a look. The site, derangedsecurity.com, has since been taken offline.

The hack required little more than tools freely available on the internet, and Egerstad maintains he broke no laws. In fact, he is confident the email accounts he gained access to were already compromised by other hackers, so his efforts in fact prevented them from continuing their spying.

GAO: Bomb Parts Snuck Past Airport Checks (Again)

CBS News correspondent Bob Orr reports terrorists could slip past Transportation Security Administration screeners and, with a few readily available components, assemble an explosive that could cause severe damage to an airplane, according to a new report from the Government Accountability Office.

The report, obtained exclusively by CBS News, details how GAO investigators conducted covert tests at 19 airports earlier this year to test the vulnerabilities of the passenger screening process. The investigators succeeded in passing through TSA checkpoints undetected with components for making improvised explosive devices (IED) and improvised incendiary devices (IID).

"Our tests clearly demonstrate that a terrorist group, using publicly available information and a few resources, could cause severe damage to an airplane and threaten the safety of passengers," the report states.

U.S. House Focuses on Internet Sex Predators

The House is taking on people who use the Internet to prey on children, working through bills that would make it easier to monitor and prosecute cyber crimes against juveniles and to educate children about online dangers.

"We need to think of this as a war," said Rep. Debbie Wasserman Schultz, D-Fla., sponsor of one of a half-dozen sex predator, child pornography and Internet safety bills heading for passage Wednesday. The bills were put together by Democratic majority but enjoyed wide bipartisan support.

Her bill would approve spending $1 billion over the next eight years to combat online child exploitation. It would create a Justice Department office to coordinate prosecution efforts; increases money for a program that helps state and local law enforcement; and provides more dollars to hire agents and improve forensic lab capabilities dedicated to child exploitation cases. It passed 415-2.

With Web 2.0, A New Breed of Malware Evolves

Web 2.0 technologies may be laying the groundwork for a new generation of hacker tools, a noted security researcher said Wednesday.

Google Mashups, RSS feeds, search, all of these can be misused by hackers to distribute malware, attack Web surfers and communicate with botnets, said Petko Petkov, a security researcher speaking at the Open Web Application Security Project (OWASP) U.S. 2007 conference, held on eBay's campus.

Tools like the downloadable MPack hacker toolkit have made it easier for the bad guys to deploy malicious code, but some of these emerging technologies promise to take hacking to a whole new level, he said. "Now people can use and abuse Web 2.0 technologies to construct something much larger," he said. "When you look at it from a hacker perspective, you'll see there are a whole lot of opportunities," he said.

TSA Denies Tipping Airport Screeners to Tests

Bush administration officials vehemently denied today that airport screeners have been tipped about covert security tests even as lawmakers brandished an e-mail from Transportation Security Administration officials that not only warned employees of testing, but described the methods and appearance of those conducting the probes.

"There was no intent to tip off, there was no cheating," insisted TSA chief Kip Hawley, who said that TSA officials sent the e-mail not to tip off screeners, but because they thought the tests might really be an Al Qaeda operation.

NHL, MLB Websites Hit by Traffic-Redirection Ad Attack - UPDATE

Malicious banner ads first affected visitors to the websites of Major League Baseball and the National Hockey League late last week, according to researchers at Exploit Prevention Labs.

According to Roger Thompson, chief technology officer, the malicious banner ads hijacked user sessions on both websites. The malware then tried to force the visitor to download malware posing as an anti-virus application.

Thompson told SCMagazineUS.com today that visitors were not able to avoid the malware.

Comcast Sued Over BitTorrent Blocking

A California man filed suit in state court Tuesday against internet service provider Comcast, arguing that the company's secret use of technology to limit peer-to-peer applications such as BitTorrent violates federal computer fraud laws, their user contracts and anti-fraudulent advertising statutes.

Plaintiff Jon Hart, represented by the Lexington Law Group, argues that Comcast's promises of providing internet connections that let users "Download at Crazy Fast Speeds" are false and misleading since Comcast limits downloads by transmitting "unauthorized hidden messages to the computers of customers" who use peer-to-peer file sharing software. Hart wants the court to force Comcast to stop interfering with the traffic.

He also wants the court to certify the suit as a class action and force Comcast to pay damages to himself and all other Comcast internet subscribers in California.

UK Wants ISPs to Fight Terror

British Prime Minister Gordon Brown wants Internet companies to help stifle online terrorist propaganda, he told lawmakers Wednesday, as officials say they plan to meet leading service providers to find ways of putting a lid on extremist content.

But the providers argue they already do all they can to fight illegal terrorist material online, and experts say even powerful filters cannot block determined users from getting their message out.

The prime minister's proposal comes as the European Union considers ways to sanction Web sites that display terror propaganda or recruit for terrorist groups.

Vint Cerf: Government Control of Internet Failing

Attempts by governments to create a controlling agency for the internet are likely to fail, Dr Vint Cerf, one of the founding fathers of the World Wide Web, said.

In an interview on the sidelines of a United Nations-led forum on internet governance in Rio de Janeiro, Cerf, 64, said the fact that the web is almost entirely privately owned is a major obstacle to such control.

The forum discussed issues like the fight against child pornography and Internet security as well as the possible establishment of an intergovernmental body to coordinate such efforts.

"It's tempting to think that you need a United Nations-like structure to deal with it," Cerf said.

"I believe it will be very hard to accomplish that objective for one simple reason - 99% of the internet, the physical internet, is in private sector hands, operated by the private sector," he said, defending a different governance structure made up of multiple stakeholders.

Election 'Fixes' Grave Concern for e-Voting Ballot Security

Johnnie German admitted he was nervous as he used high-security codes to tap into the Harris County elections computer system last week and change some of the results manually.

The system was in good hands as the votes were counted from the sprawling Nov. 6 contests. German is the county's respected administrator of elections, and there were witnesses present as he corrected the vote totals on a sales tax referendum for a fire/ambulance district in the Cypress-Fairbanks area of northwest Harris County.

But German's late-night deed, said by officials to be a first-time event in the six years Harris County has used the eSlate voting system, has rekindled the debate about whether the newest electronic methods for counting votes should be trusted.

What German graphically demonstrated was that with the proper physical and informational access, one person can alter the results of an election in a county of 1.8 million registered voters.

Animal Rights Activist Hit With RIPA Key Decrypt Demand

An animal rights activist has been ordered to hand over her encryption keys to the authorities.

Section Three of the Regulation of Investigatory Powers Act (RIPA) came into force at the start in October 2007, seven years after the original legislation passed through parliament. Intended primarily to deal with terror suspects, it allows police to demand encryption keys or provide a clear text transcript of encrypted text.

Failure to comply can result in up to two years imprisonment for cases not involving national security, or five years for terrorism offences and the like. Orders can be made to turn over data months or even years old.

The contentious measure, introduced after years of consultation, was sold to Parliament as a necessary tool for law enforcement in the fight against organised crime and terrorism.

But an animal rights activist is one of the first people at the receiving end of a notice to give up encryption keys. Her computer was seized by police in May, and she has been given 12 days to hand over a pass-phrase to unlock encrypted data held on the drive - or face the consequences.

Tuesday, November 13, 2007

U.S. Toll in Iraq, Afghanistan

As of Tuesday, Nov. 13, 2007, at least 3,861 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians.

At least 3,147 died as a result of hostile action, according to the military's numbers.The AP count is three higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

As of Tuesday, Nov. 13, 2007, at least 391 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department.

The department last updated its figures Nov. 3, 2007, at 10 a.m. EST.Of those, the military reports 262 were killed by hostile action.

Shocker: Russia Casts A Selective Net in Piracy Crackdown

The newspaper Novaya Gazeta, one of the last outposts of critical journalism in Russia, suspended publication of its regional edition in the southern city of Samara on Monday after prosecutors opened a criminal case against its editor, alleging that his publication used unlicensed software.

The case is part of a larger assault on independent news media, advocacy organizations and political activists, according to government critics. But it is one that is specifically tailored to deflect foreign criticism.

AT&T to Sell Equipment to Monitor Workplaces

AT&T plans to introduce a nationwide program today that gives owners of small- and medium-size businesses some of the same tools big security companies offer for monitoring employees, customers and operations from remote locations.

Under AT&T’s Remote Monitor program, a business owner could install adjustable cameras, door sensors and other gadgets at up to five different company locations across the country.

Using a Java-enabled mobile device or a personal computer connected to the Internet, the owner would be able to view any of the images in real time, control room lighting and track equipment temperatures remotely. All the images are recorded on digital video, which can be viewed for up to 30 days.

(IN)SECURE Magazine, Issue 14: Now Available

Sensitive Guantánamo Bay Manual Leaked Through Wiki Site

A never-before-seen military manual detailing the day-to-day operations of the U.S. military's Guantánamo Bay detention facility has been leaked to the web, affording a rare inside glimpse into the institution where the United States has imprisoned hundreds of suspected terrorists since 2002.

The 238-page document, "Camp Delta Standard Operating Procedures," is dated March 28, 2003. It is unclassified, but designated "For Official Use Only." It hit the web last Wednesday on Wikileaks.org.

For what it's worth, I have sent an e-mail to the technical contact of this domain to notify them of the issue -- but somehow I don't think they'll receive it:

----- The following address(es) had permanent fatal errors ----- ;originally to rfc822;semch@centrmia.gov.ua (unrecoverable error)The user to whom this message was addressed has exceeded the allowed mailbox quota.Please resend the message at a later time.

Bummer.

- ferg

UPDATE: 22:53 PST, 14 November 2007: I have received word from colleagues that this website belongs to Office of Ministry of Internal Affairs in Zhitomir Region of Ukraine. And yes, it is still hacked. -ferg

Toon of the Day: Back Scratching

Yahoo! Settles With Jailed Chinese Writers

Yahoo on Tuesday settled a lawsuit filed in the United States by two mainland Chinese writers who were imprisoned after the technology company handed over their private account information to Chinese law enforcement authorities.

Terms of the settlement weren't disclosed. But a source at Yahoo said the company has been "working with the families, and we're working with them to provide them with financial, humanitarian and legal assistance."

Yahoo has also agreed to establish a global human rights fund to provide "humanitarian relief" to support dissidents and their families. The source said that details still have to be worked out.

DoJ Reopens Warrantless Wiretapping Inquiry Perviously Halted By Bush

The Justice Department has reopened a long-dormant inquiry into the government's warrantless wiretapping program, a major policy shift only days into the tenure of new Attorney General Michael Mukasey.

The investigation by the department's Office of Professional Responsibility was shut down last year, after the investigators were denied security clearances. Gonzales told Congress that President Bush, not he, denied the clearances.

"We recently received the necessary security clearances and are now able to proceed with our investigation," H. Marshall Jarrett, counsel for the OPR, wrote to Rep. Maurice Hinchey, D-N.Y. A copy of the letter, dated Tuesday, was obtained by The Associated Press.

Hinchey and other Democrats have long sought an investigation into the spying program to see if it complies with the law. Efforts to investigate the program have been rebuffed by the Bush administration.

Ex-FBI, CIA Employee Pleads Guilty to Computer Crime

A former employee of the U.S. Federal Bureau of Investigation and Central Intelligence Agency has pleaded guilty to charges of fraudulently obtaining U.S. citizenship and accessing a U.S. government computer system to unlawfully find information about her relatives and the Islamic organization Hizballah.

Nada Nadim Prouty, 37, originally from Lebanon, also pleaded guilty Tuesday in U.S. District Court for the Eastern District of Michigan to conspiracy to defraud the U.S. government. She was accused of using her fraudulently obtained U.S. citizenship to gain employment with the FBI and CIA, and of using her position in the FBI to check on the information held on family members connected to Hizballah, according to the U.S. Department of Justice. The U.S. government considers Hizballah a terrorist group.

Report: Los Alamos Investigating Breach on Unclassified Network

The Laboratory is investigating a recent attack on its unclassified Yellow Network. A significant amount of unclassified material was removed. The exact nature of the stolen information is under forensic investigation.

Affected computers were disconnected from the Lab's network and the hacker's software has been disabled.

Laboratory Director Michael Anastasio reminded employees in an all-employee memo to be cyber security aware. "This recent occurrence is a reminder that awareness is the first and most important layer of defense against fast-spreading worms that target known vulnerabilities. The threat of comprehensive, malevolent attacks is continuous and high," said Anastasio.

U.S. Targets Terrorists as Online Thieves Run Amok

Since the outbreak of a cybercrime epidemic that has cost the American economy billions of dollars, the federal government has failed to respond with enough resources, attention and determination to combat the cyberthreat, a Mercury News investigation reveals.

"The U.S. government has not devoted the leadership and energy that this issue needs," said Paul Kurtz, a former administration homeland and cybersecurity adviser. "It's been neglected."

Even as the White House asked last week for $154 million toward a new cybersecurity initiative expected to reach billions of dollars over the next several years, security experts complain the administration remains too focused on the risks of online espionage and information warfare, overlooking the international criminals who are stealing a fortune through the Internet.

TJX's Projected Breach Costs Increase To $216 Million

In a footnote in its Tuesday earnings announcement, TJX increased its estimate of pre-tax charges for the world's worst credit card data breach to $216 million. Back in August, it had projected only a $168 million pre-tax hit.

The data breach consisting of extensive cyber thief activity within TJX's network from 2003 through June 2004 and then again from mid-May 2006 through mid-December 2006, TJX said. Court filings have estimated that the data from some 96 million credit cards was accessed during the incidents.

Monday, November 12, 2007

U.S. Mortgage Crisis Slams E*Trade

E*Trade Financial Corp.'s decision to become a more aggressive player in U.S. home loans whipsawed the discount brokerage in dramatic fashion Monday, pummelling its market value by almost 60 per cent and prompting one analyst to speculate the company could be heading for bankruptcy.

The grim financial prognosis has only reinforced suggestions that E*Trade is vulnerable to a takeover, and TD Ameritrade Holding Corp., the online broker in which Toronto-Dominion Bank owns a 40-per-cent stake, is viewed as one of the most motivated buyers.

Livermore Lab Warns of Layoffs

Just six weeks after a new manager took charge, Lawrence Livermore National Laboratory announced Monday it will lay off of as many as 500 employees due to increasing costs.

At an all-hands morning meeting, lab director George Miller told employees that 2,000 of them would be given notice this week that they are among those whose jobs are in jeopardy.

Those laid off will be temporary workers with fixed-term contracts known as flex-term employees and supplemental labor workers hired through contractors including IAP Worldwide Services.

In addition to the impending 500 layoffs, at least 50 of these employees have already been let go, triggering the Warn Act which requires management to notify employees of the possibility of a mass layoff.